The invention relates to user trusted devices using a personal identification number (PIN)-protected memory card such as a smart card, such as those used for Internet banking. In particular, it relates to secure PIN management of such devices.
Security problems with personal computers (PCs) make them unsuitable for many functions since data entered by users can be manipulated or copied by an attacker. Transactions can be changed to send money to unwanted recipients or to order unwanted goods, or user credentials can be copied providing attackers with access to systems such as those used for Internet banking.
To solve some of these problems, a user trusted device (also a “secure device”) can be used together with a PC. One such solution, the IBM® Zone Trusted Information Channel (see Thomas Weigold, Thorsten Kramp, Reto Hermann, Frank Höring, Peter Buhler, Michael Baentsch, “The Zurich Trusted Information Channel—An Efficient Defence against Man-in-the-Middle and Malicious Software Attacks”, In P. Lipp, A.-R. Sadeghi, and K.-M. Koch (Eds.): TRUST 2008, LNCS 4968, pp. 75-91, 2008), allows the user to verify information associated with a transaction (e.g. in the case of Internet banking the amount and recipient) before the transaction is executed by the service provider (e.g. the bank). The transaction is verified on the device, which is secure and can send the verified information to the back-end system in a secure manner.
To access an Internet service, the user has credentials that are used to identify him/her to that service. Such credentials are sometimes stored on a smart card. In this case, the secure device has a smart card reader to allow these credentials to be used. To ensure that the credentials can only be used by the intended users, the smart card is protected by a PIN. The PIN is thus kept secret; otherwise it could be used by someone else to access the server. The smart card may also be used for purposes other than authenticating users for Internet transactions. For example the same card may be used for getting cash from ATMs. In such cases the card's PIN requires even stronger protection.
In a secure device, memory is usually partitioned into persistent (or non-volatile) and transient (also non-persistent or volatile) portions. Persistent memory retains its information stored independent of the operating mode of the device, for example, when the device is “off” or the main battery has been removed. Persistent memory can be implemented using e.g. read only memory (ROM), programmable ROM, electrically erasable, programmable ROM (EEPROM), using battery backed-up static random access memory (SRAM) or dynamic random access memory (DRAM). Transient memory only retains information stored thereon during active operation of the device and is typically implemented with SRAM or DRAM. In running an application in the device, it is common to perform a save operation, whereby contents in the transient memory is stored on the persistent memory.